HP OpenView NNM HTTP Accept-Language header Buffer Overflow Vulnerability
Date Discovered:
12/10/2009
Severity:
High
Applications Affected:
HP OpenView Network Node Manager 7.01
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.53
Type:
Remote
Identifiers:
CVE-2009-4179
Synopsis
A buffer overflow vulnerability has been discovered in HP OpenView
Network Node Manager 7.01, 7.51 and 7.53 in the way the application
handles a specially crafted invalid HTTP header sent to some CGI
script.
Recommended Actions
Update with the latest patches as recommended by the vendor.
Threat Analysis
HP OpenView Network Node Manager is useful for
maintenance and monitoring of your company's networks and computers.
This tool automatically discovers computer networks, displays network
topologies, correlates and manages events and SNMP traps for recovery,
monitors network health, and gathers performance data. In this way, the
tool increases network visibility for network administrators.
A buffer overflow vulnerability has been discovered in HP OpenView
Network Node Manager. The vulnerability is triggered when an invalid,
crafted, long Accept-Language HTTP header is sent to the OVABverbose
action. Successful exploitation allows a remote attacker to execute
arbitrary code in the security context of the administrator.
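
A detection-side check for the condition described above, added here as an example and not taken from the vendor or from this advisory: it flags requests whose Accept-Language value is over-long or not a valid language-range list, and notes when the request also names OVABverbose. The 256-byte threshold, the function names and the sample requests (host, path and query form) are assumptions made for illustration.

```python
import re

# Assumed alert threshold; the advisory gives no length. Real values are short.
MAX_ACCEPT_LANGUAGE = 256

# One language-range with an optional q-value, e.g. "en-US;q=0.8" or "*".
_RANGE = re.compile(
    r"^(?:\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)"
    r"(?:\s*;\s*q=(?:0(?:\.\d{0,3})?|1(?:\.0{0,3})?))?$"
)

def parse_headers(raw: bytes) -> dict:
    """Return {lowercased header name: [values]} from a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_request(raw: bytes, max_len: int = MAX_ACCEPT_LANGUAGE) -> list:
    """Return findings for one request; an empty list means nothing to report."""
    findings = []
    for value in parse_headers(raw).get("accept-language", []):
        if len(value) > max_len:
            findings.append(f"accept-language length {len(value)} > {max_len}")
        elif not all(_RANGE.match(part.strip()) for part in value.split(",")):
            findings.append("accept-language is not a valid language-range list")
    # Raise priority when the request also names the action from the advisory.
    if findings and b"ovabverbose" in raw.lower():
        findings.append("request references the OVABverbose action")
    return findings

# Constructed sample requests; host, path and query form are placeholders.
NORMAL = (b"GET /cgi-bin/PLACEHOLDER?OVABverbose=1 HTTP/1.1\r\n"
          b"Host: nnm.example\r\nAccept-Language: en-US,en;q=0.8\r\n\r\n")
OVERLONG = (b"GET /cgi-bin/PLACEHOLDER?OVABverbose=1 HTTP/1.1\r\n"
            b"Host: nnm.example\r\nAccept-Language: " + b"A" * 2000 + b"\r\n\r\n")
MALFORMED = (b"GET /index.html HTTP/1.1\r\n"
             b"Host: nnm.example\r\nAccept-Language: en_US!!\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("normal", NORMAL), ("overlong", OVERLONG), ("malformed", MALFORMED)):
        print(name, check_request(req))
```

The same function can be run over requests reassembled from a proxy or packet capture in front of the NNM web server while patching is pending.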